/*
 * $Header: /cvshome/build/org.osgi.service.deploymentadmin/src/org/osgi/service/deploymentadmin/spi/DeploymentCustomizerPermission.java,v 1.6 2006/06/21 15:16:13 hargrave Exp $
 * 
 * 
 * Copyright (c) OSGi Alliance (2005, 2006). All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.osgi.service.deploymentadmin.spi;

import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.*;

import org.osgi.service.deploymentadmin.DeploymentAdminPermission;

/**
 * The <code>DeploymentCustomizerPermission</code> permission gives the right to 
 * Resource Processors to access a bundle's (residing in a Deployment Package) private area.
 * The bundle and the Resource Processor (customizer) have to be in the same Deployment Package.<p>
 * 
 * The Resource Processor that has this permission is allowed to access the bundle's 
 * private area by calling the {@link DeploymentSession#getDataFile} method during the session 
 * (see {@link DeploymentSession}). After the session ends the FilePermissions are withdrawn.
 * The Resource Processor will have <code>FilePermission</code> with "read", "write" and "delete" 
 * actions for the returned {@link java.io.File} that represents the the base directory of the 
 * persistent storage area and for its subdirectories.<p>
 * 
 * The actions string is converted to lowercase before processing.
 */
public class DeploymentCustomizerPermission extends Permission {
    
    /**
	 * 
	 */
	private static final long	serialVersionUID	= 1L;

	/**
     * Constant String to the "privatearea" action.
     */
    public static final String PRIVATEAREA = "privatearea";

    private static final String      delegateProperty = "org.osgi.vendor.deploymentadmin";
    private static final Constructor constructor;
    private final        Permission  delegate;
    static {
        constructor = (Constructor) AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                String pckg = System.getProperty(delegateProperty);
                if (null == pckg)
                    throw new RuntimeException("Property '" + delegateProperty + "' is not set");
                try {
                    Class c = Class.forName(pckg + ".DeploymentCustomizerPermission");
                    return c.getConstructor(new Class[] {String.class, String.class});    
                }
                catch (Exception e) {
                    throw new RuntimeException(e.getMessage());
                }
            }});
    }

    /**
     * Creates a new <code>DeploymentCustomizerPermission</code> object for the given 
     * <code>name</code> and <code>action</code>.<p>
     * 
     * The name parameter is a filter string. This filter has the same syntax as an OSGi filter 
     * but only the "name" attribute is allowed. The value of the attribute  
     * is a Bundle Symbolic Name that represents a bundle. The only allowed action is the 
     * "privatearea" action. E.g.
     * 
     * <pre>
     * 		Permission perm = new DeploymentCustomizerPermission("(name=com.acme.bundle)", "privatearea");
     * </pre>
     * 
     * The Resource Processor that has this permission is allowed to access the bundle's 
     * private area by calling the {@link DeploymentSession#getDataFile} method. The 
     * Resource Processor will have <code>FilePermission</code> with "read", "write" and "delete" 
     * actions for the returned {@link java.io.File} and its subdirectories during the deployment 
     * session.
     * 
     * @param name Bundle Symbolic Name of the target bundle, must not be <code>null</code>.
     * @param actions action string (only the "privatearea" or "*" action is valid; "*" means all 
     *        the possible actions), must not be <code>null</code>.
     * @throws IllegalArgumentException if the filter is invalid, the list of actions 
     *         contains unknown operations or one of the parameters is <code>null</code>
     */
    public DeploymentCustomizerPermission(String name, String actions) {
        super(name);
		try {
			try {
	            delegate = (Permission) constructor.newInstance(new Object[] {name, actions});
			}
			catch (InvocationTargetException e) {
				throw e.getTargetException();
			}
		}
		catch (Error e) {
			throw e;
		}
		catch (RuntimeException e) {
			throw e;
		}
		catch (Throwable e) {
			throw new RuntimeException(e.toString());
		}
    }

    /**
     * Checks two DeploymentCustomizerPermission objects for equality. 
     * Two permission objects are equal if: <p>
     * 
     * <ul>
     * 		<li>their target filters are equal (semantically and not character by 
     *   	character) and</li>
     * 		<li>their actions are the same</li> 
     * </ul>
     * 
     * @param obj the reference object with which to compare.
     * @return true if the two objects are equal.
     * @see java.lang.Object#equals(java.lang.Object)
     */
    public boolean equals(Object obj) {
        if (obj == this)
        	return true;
        if (!(obj instanceof DeploymentCustomizerPermission))
            return false;
        DeploymentCustomizerPermission dcp = (DeploymentCustomizerPermission) obj;
        return delegate.equals(dcp.delegate);
    }

    /**
     * Returns hash code for this permission object.
     * 
     * @return Hash code for this permission object.
     * @see java.lang.Object#hashCode()
     */
    public int hashCode() {
        return delegate.hashCode();
    }

    /**
     * Returns the String representation of the action list.
     * 
     * @return Action list of this permission instance. It is always "privatearea".
     * @see java.security.Permission#getActions()
     */
    public String getActions() {
        return delegate.getActions();
    }

    /**
     * Checks if this DeploymentCustomizerPermission would imply the parameter permission.
     * This permission implies another DeploymentCustomizerPermission permission if:
     * 
     * <ul>
     * 		<li>both of them has the "privatearea" action (other actions are not allowed) and</li>
     * 		<li>their filters (only name attribute is allowed in the filters) match similarly to 
     * 		{@link DeploymentAdminPermission}.</li>
     * </ul>
     * 
     * The value of the name attribute means Bundle Symbolic Name and not Deployment Package 
     * Symbolic Name here!<p>
     * 
     * @param permission Permission to check.
     * @return true if this DeploymentCustomizerPermission object implies the 
     * specified permission.
     * @see java.security.Permission#implies(java.security.Permission)
     */
    public boolean implies(Permission permission) {
        if (!(permission instanceof DeploymentCustomizerPermission))
    		return false;
    	        
        DeploymentCustomizerPermission dcp = (DeploymentCustomizerPermission) permission;
        
        return delegate.implies(dcp.delegate);
    }

    /**
     * Returns a new PermissionCollection object for storing DeploymentCustomizerPermission 
     * objects.
     *  
     * @return The new PermissionCollection.
     * @see java.security.Permission#newPermissionCollection()
     */
    public PermissionCollection newPermissionCollection() {
        return delegate.newPermissionCollection();
    }

}
